A penetration test consists of a sequence of complex tasks executed against the target. The execution of these tasks impacts the target system in many ways. Several configuration files may get modified, a lot of audit records may get recorded in log files, and there might be changes in the registry in the case of Windows systems. All these changes may help the investigators or blue team members to trace back the attack vector.
After completing a penetration test, it would be good to clear all the residual files that were used during the compromise. However, this needs to be in agreement with the blue team. Another intent behind clearing out all the tracks could be testing the post-incident response methods of an ...